microsoft ® exchange online overview

1 | Copyright© 2010 Microsoft Corporation

Microsoft® Exchange Online Overview

Piotr Pawlik MVP Exchange Server | Redakcja WSS.pl


Business benefits of moving to the cloud

Get up and running quickly

and easily

Cut operational and technology

costs

Give people the tools to be productive


Business benefits of moving to the cloud

http://www.youtube.com/watch?v=EppCXYkDjWI




Announcing Microsoft Office 365BRINGING TOGETHER CLOUD VERSIONS OF OUR MOST-TRUSTED

COMMUNICATIONS AND COLLABORATION PRODUCTS WITH THE LATEST VERSION

OF OUR DESKTOP SUITE FOR BUSINESSES OF ALL SIZES.


Exchange Online SubscriptionsFeature Kiosk Plan 1 Plan 2Mailbox Size 500 MB 25 GB* Unlimited**Microsoft Outlook® Web App Premium

Yes Yes Yes

POP Yes Yes YesIMAP No Yes YesMicrosoft® Outlook Anywhere

No Yes Yes

Microsoft ExchangeActiveSync®

No Yes Yes

Exchange Web Services

No*** Yes Yes

Inbox Rules No Yes YesDelegate Access No Yes Yes

* 25 GB of storage apportioned across the user’s primary mailbox and personal archive.** 25 GB of storage in the user’s primary mailbox, plus unlimited storage in the user’s personal archive. *** Direct access to Kiosk user mailboxes via Exchange Web Services is not permitted. However, line-of-business applications can use Exchange Web Services impersonation to access Kiosk user mailboxes.


Exchange Online Subscriptions (Cont)

Feature Kiosk Plan 1 Plan 2

Instant Messaging Interoperability in Outlook Web App

No Yes (requires Microsoft Lync™

Online or Microsoft Lync Server 2010

on premise)

Yes (requires Lync Online or Lync Server 2010 on

premise)

SMS Notifications No Yes Yes

Personal Archive No Yes Yes

Voice Mail No No Yes

Legal Hold No No Yes


Business Challenges

How can I keep pace with the ever-growing quantity of email in my inbox?

How do I give my employees access to

their email and calendars from everywhere?

How do we maintain the security and

compliance of our messaging

environment?


PROTECTION & COMPLIANCE

VISIBILITY & CONTROL

ANYWHERE ACCESS

Business-class email, calendar, and contacts for your organization


The robust and familiar capabilities of Exchange, delivered from the cloud

PROTECTION & COMPLIANCE

VISIBILITY & CONTROL

ANYWHERE ACCESS


Outlook 2003*, 2007, 2010

Outlook Anywhere Autodiscover Outlook Web

Access Custom OWA URL Entourage 2004*,

2008*, WS edition POP• Windows Mobile• iPhone• Other ActiveSync

devices• BlackBerry

Enterprise Server (add-on)

• Remote device wipe

• Delegates (“send on behalf of”)

• Shared mailboxes (“send as”)

• Server-side forwarding

• Out of Office• WebReady

document viewing• Conference rooms• Resource booking

attendant• Conference room

delegation• Tasks

Personal contacts Shared contacts Personal

distribution groups Shared

distribution groups Global address list Offline address

book

[not available] Forefront Online Protection for Exchange (AS/AV)

Forefront for Exchange (AV)

Route inbound mail on-premises for filtering

Safe senders Blocked senders Forced TLS S/MIME

• GUI for managing some features

• Exchange Personal Archive • E-Discovery

(Multi-Mailbox Search)• Message

Retention (Archive and Delete Policies)• Message

Retention (Legal Hold Policy)• Compliance

Auditing• Transport rules• Custom

disclaimers

• S/MIME in OWA

• Speech-enablement of directory and auto-attendant

• Conversation view• Ignore/move

conversation• MailTips• Mail aggregation• Shared nickname

cache across OWA and mobile• Message tracking

(user self-service)• Free-busy interop

with on-premise• Free/busy sharing

with other orgs• Share full

calendar detail with other orgs• Publish calendar

for anonymous access

• Dynamic distribution groups• Restricted

distribution groups• Moderated

distribution groups• Share personal

contacts• Contact info

update (user self-service)

• Hosted voicemail (integration with PBX)• Outlook Voice

Access• “Play on phone”

button• Missed call

notifications• Caller ID• Company auto-

attendant• Self-service PIN

reset• Message waiting

indicator• Voicemail preview• Call answering

rules• Protected

voicemail

• Sign in using AD credentials• Route outbound

mail on-premise for filtering• Multi-factor auth

(smartcard, soft cert)• Integration with

on-premise RMS (for search, pre-licensing)• RMS transport

rules• Journal decryption

of RMS messages• Outlook

Protection Rules

Client Access

E-mail,Calendarin

gContacts,Directory UM, Fax Security

Compliance/

Archiving

Applications/

Developer

Administration

Journal e-mail to external archive

Journal e-mail to EHA

• PST import and export

• Provision users in multiple datacenters

Exchange Web Services (EWS)

EWS Managed API for .NET

SMTP relay

• MAPI/CDO access• Custom code/dlls• Transport agents• Custom OWA

themes, colors, add-ins

• Public folders

Web-based management

Active Directory sync

Bulk user activation

Deleted item recovery

Deleted mailbox recovery• Remote PowerShell• Role Based Access

Controls (RBAC)• Exchange

Management Console (x-premise management)• Enhanced

migration tools• No OST resync

after migration• Offboarding tools• Support for orgs

>30,000 users

• IMAP• Customize

ActiveSync security policies• Full OWA support

in Firefox/Safari• IM and presence

in OWA• OWA side-by-side

calendar view• Mobile free/busy

lookup • Mobile reply

status• Mobile SMS sync• Over-the-air

update for Outlook mobile

• OWA login: public/ private radio buttons

• Exchange 2007-style Managed Folders

• Multi-mailbox search export to PST

• GUI for some features

• Hierarchical address book

• GAL segmentation

Exchange Online : BPOS vs. Office 365

Outlook 2003*, 2007, 2010

Outlook Anywhere Autodiscover Outlook Web

Access Custom OWA URL Entourage 2004*,

2008*, WS edition POP• Windows Mobile• iPhone• Other ActiveSync

devices• BlackBerry

Enterprise Server (add-on)

• Remote device wipe

• Delegates (“send on behalf of”)

• Shared mailboxes (“send as”)

• Server-side forwarding

• Out of Office• WebReady

document viewing• Conference rooms• Resource booking

attendant• Conference room

delegation• Tasks

Personal contacts Shared contacts Personal

distribution groups Shared

distribution groups Global address list Offline address

book

[not available] Forefront Online Protection for Exchange (AS/AV)

Forefront for Exchange (AV)

Route inbound mail on-premise for filtering

Safe senders Blocked senders Forced TLS S/MIME


CalendarEmail Contacts Tasks Company DirectoryVoicemail

Anywhere Access• Rich client access via Outlook • Premium Web e-mail experience• Mobile access from a wide range of phones• Voicemail in your inbox• Large mailbox sizes (25GB)

PCs PhonesBrowsers


Anywhere AccessRich and familiar Outlook experience

• Gives users a full-fidelity Outlook experience• Supports Outlook 2010 features including Conversation View,

MailTips, and Meeting Room Finder

Conversation View in Outlook 2010 MailTips in

Outlook 2010


Anywhere AccessPremium web experience

• IE, Firefox, Safari, Chrome support

• Integrated IM and presence

• Enhanced search, filters, favorites

• Side-by-side calendar view

IM and presence integration with Lync Online or Lync Server


Anywhere AccessMobile messaging

• Seamless mobile access through Exchange ActiveSync • Support for popular mobile devices• Self-service remote device wipe

AppleWindows® Phone

Palm/HP

Nokia


Anywhere AccessRobust collaboration features• Large mailbox sizes (25 GB) and

message limits (25 MB) • Global address list and shared

contacts

• Restricted, moderated, and dynamic distribution groups

• Shared mailboxes ([email protected])

Global Address List

Distribution groups

Moderation

mailto:[email protected]


Anywhere AccessEnterprise-class calendaring• Calendar sharing and publishing• Federated free/busy sharing (org to

org)

• Conference rooms• Calendar delegation

Scheduling Assistant Delegate access


Anywhere AccessHosted voicemail• Integrates with your on-premises

phone system• Removes the need to manage

voicemail infrastructure

• Gives users a single inbox for email and voicemail

• Provides the latest features of Exchange Unified Messaging

Inline player

Voicemail preview

Caller ID


Visibility and Control

• Simple, web-based administration

• Advanced management and automation via PowerShell

• Role-based access control• Built-in auditing reports

Exchange Control Panel

Remote PowerShellAuditing reports


Visibility and ControlExchange Control Panel

• Powerful Web-based tool for managing your online environment• Capabilities such as multi-mailbox search and group management

can be delegated to non-IT users


Visibility and ControlRemote PowerShell

• Allows scripting and automation of routine tasks• Lets you update settings without calling support• Gives you to access to raw data for reports

New-DynamicDistributionGroup-Name "Florida Sales and Marketing" -IncludedRecipients MailboxUsers -ConditionalDepartment Sales,

Marketing-ConditionalStateOrProvince Florida


Visibility and ControlRole Based Access Control

• Delegate administrative tasks within IT and beyond• Granular control over scope and permissions

Andy RyanSystems Administrator

All employees

• Create users• Edit retention

policies• Create transport

rules• Configure UM

• Set legal hold• Edit mobile

security policies• Manage dynamic

distribution lists

Organization Management

Joanna RybkaTier 1 Support (Europe)

All employees in Europe

• Track messages• View-only

recipients

• Mobile device wipe

• Manage groups

Help Desk

Donna ScottCompliance Officer

All employees in the U.S.

• Multi-mailbox search

• Set legal hold

Discovery Management


Visibility and ControlAuditing reports

• Track delegate access and see which users have logged in to shared mailboxes

• Find out who changed configuration settings and administrative permissions

• Extract data for long-term storage or to build custom reports

Track configuration

changes: RBAC, settings, etc.

Track mailbox access: delegates, shared mailboxes,

etc.

Export log data for long-term retention or custom reports


Protection and CompliancePremium anti-spam and antivirus protection• High-accuracy spam filtering• Multiple virus-scanning engines• Included with Exchange Online subscription• Admin center provides advanced policy rules and reporting

External E-mail


Protection and ComplianceNative Exchange archiving

• Allows easy migration to a managed archive solution• User experience for managing mailbox does not change • Provides a way to centralize data currently stored in PST files

Archive can be searched with familiar toolsArchive appears

alongside a user’s primary mailbox

Content can be dragged from PSTs

to the archive


Protection and Compliance• Integrated archiving with a familiar user

experience• Multi-mailbox search for efficient e-discovery• Policies to automatically preserve or expire

email• Premium anti-spam and antivirus protection

Built-in archive

Multi-mailbox search


Protection and ComplianceRetention policies and legal hold

• Custom policies automatically delete or archive content • Integrates with personal archive• Legal hold policy captures user edits and deletions

Policies apply to all e-mails within

a folder by default

User can view expiration date

User can select retention policy for a specific

e-mail


Protection and ComplianceMulti-mailbox search

• Web-based search capabilities can be delegated to specialists• Empowers legal and compliance staff to conduct e-discovery• Search works across on-premises and online mailboxes

Rich search criteria and targeting

optionsResults stored in

specialized mailbox

Preview of search results


Protection and ComplianceTransport rules

• Structured like Inbox rules• Apply to all messages sent inside and outside the organization• Configured with simple Web-based GUI

Conditions

If the message...Is from a member of the group ‘Executives’And is sent to recipients that are 'Outside the organization' And contains the keyword ‘Merger’

ActionsDo the following...Redirect message to: [email protected]

Exceptions

Except if the message...Is sent to ‘[email protected]


Protection and ComplianceIntegration with IRM services

AD RMS Server(On-premises)

• Exchange Online can be integrated with on-premises AD RMS

• This activates advanced Exchange 2010 IRM features, including:• IRM in OWA, IRM search, and Protected Voicemail • Transport Protection Rules and Outlook Protection Rules

Exchange Online

Key Import


Protection and ComplianceFlexible mail routing

• Route outbound email through on-premises email server or other hosted service

• Allows use of third-party appliances for encryption and data leakage prevention (DLP)

Outbound email

Messaging Server

or Applianc

e

Internet


Migrating to Exchange Online

• Move mailboxes to Exchange Online with cloud-based tools• Users stay connected to their mailboxes while data is migrating• Switch to Exchange Online over a weekend, or move users in

stages


Deployment FlexibilityWeb-based Exchange and IMAP migration tools• Free tools for rapid migration• No software to install• Migrate email from

all platforms that support IMAP

• Migrate email, calendar, contacts and tasks from Exchange 2003, 2007, or 2010


Deployment FlexibilityRich hybrid capabilities

Connect your Exchange Server to the cloud for smooth migration or long-term coexistence• Share free/busy data between cloud and on-premises users• Migrate users to the cloud with native Exchange tools• Give users a seamless transition, with no OST re-sync• Easily move mailboxes back on-premises

Exchange Server 2003 or

2007

Exchange 2010 SP1 “coexistence” server


Deployment FlexibilityExchange Web Services

Flexible• Works with Exchange Online• Works with Exchange Server • Works in hybrid environments

Easy to Use• .NET-based EWS Managed API 1.0• Full Visual Studio support

Rich Functionality• Create custom portals and applications• Enhance line of business apps with

calendar data and e-mail workflow


Which Exchange Server Features Are Not Available in Exchange Online?Client Access• Outlook 2003 support• OWA login: public/private radio

buttonsDirectory• Hierarchical address book• Global Address List segmentation

Voice mail• Speech-enablement of directory

and auto-attendant

Administration• Automated PST import and export• Provision users in multiple datacenters• Multiple on-premises AD forests • Resource forest topologies

Compliance/Archiving• Exchange 2007-style Managed Folders• GUI for creating Retention Policies• Third-party add-ins for transport rules

Security• S/MIME in OWA• S/MIME certificate syncApplications

• MAPI/CDO access• Server-side code, .dlls, transport

agents• Custom OWA themes, logos, add-ins• Public folders


Anywhere AccessHosted voicemail architecture• Session Border Controller (SBC) at customer site connects PBX to

Exchange Online• Calls are securely routed from local PBX to hosted UM servers• Integration with Lync Server 2010 also available

PSTN

PBX and Office Phones

Internet

Customer owns and maintains PBX and SBC/gateway on-premises

Exchange Online hosts Exchange UM services


Online Exchange UM Architecture

PBX

SIP gateway

SIP gatewayExchange 2010 UM Servers

Active Directory

Contoso Corporation (Office 365 Customer)Internet

SBC SBC

Mediation Server

Fabrikam Corporation (Office 365 Customer)Exchange Online

Access Edge Server

SIP gateway

A/V Edge Server

Lync Server 2010

Access Edge Server

A/V Edge Server

SIP/TLS/SRTP

SIP/TLS/SRTPSIP/

TLS/

SRTP

SIP/TLS/SRTP SIP/

TLS/

SRTP

SIP/TLS/SRTP

SIP/TL

S/SRT

P

172.42.23.12

172.42.23.13

Acme Packet Net-Net 4500 in HA

config: at least 1 per datacenter

Edge server pool is operated by Lync

Online


Why Exchange Online? Why? Why? Why?

http://www.youtube.com/watch?v=eFCSp23xl40




Demo


Remote PowerShell & EMC


• $LiveCred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection

Import-PSSession $Session

Remove-PSSession $Session

Remote PowerShell


ECP - Office 365 - ScenariuszePrzywracanie usuniętej skrzynki


Power of PowerShell

Shared mailbox

Limity skrzynek

Ukrywanie użytkownika

w GAL

Resource mailbox


Migration Solutions2500050001501

Several Months3 weeks2 weeks<1 week

Organizational Size in Users

Time For Migration including Planning

Cutover Exchange Migration

Staged Exchange Migration (with DirSync)

Hybrid (MRS) – onboaring + offboarding


Example Profiles and Solutions1

Source: E2007Users: 250

Time: WeekendIdentity Management: On-premise

Solution: Staged Migration

2Source: E2003

Users: 75Time: Weekend

Identity Management: On-premiseSolution: Staged Migration

3Source: E2010


Identity Management: On-premiseSolution: Staged Migration

4Source: E2010


Identity Management: On-premise Solution: Hybrid deployment

5Source: E2003Users: 2500

Time: WeekendIdentity Management: on-premise

Solution: Staged Migration

6Source: E2003


Identity Management: CloudSolution: Cutover


Cutover Exchange

• Courier-IMAP, Cyrus, Dovecot anything IMAP


Cutover Exchange

• <= 1k mailboxes• <= 50k object count• Enable Outlook Anywhere

(RPC/HTTP) on source server

• ~150 to ~250 User Organisation• ~2 Weeks for Planning and Migration

NO – Out of scope:• DDL or Security Groups• OST Preservation (ID=/=ID)• Client side rules• RSS Feedback


Cutover Exchange – What Will Be Migrated?

• Message Items• Delivery Reports• NDRs• Read/Non-read Receipt

• Folders• Rules• Categories• Read status• Flags• Mapping of special folders

• Deleted Items• Sent Items• Drafts• Search folders

• Calendar items• Tasks• Notes• Contacts• Folder permissions• Custome folders• Categories


Cutover Exchange – End User Experience

• End user gets password from Admin• End user performs the first logon to reset the password• End user creates a new outlook profile and OST file and

re-syncs all the content

Cutover Exchange – Admin Experience• Enable Outlook/Anywhere• Setup mailbox permissions• Enter remote server details (Portal Microsoft Online)• Provision MBXes, MEUs, contacts, DLs,...• Change MX record• Complete Migration


Staged Exchange


• (+) Uses Directory Sync (DirSync)

• Enable Outlook Anywhere (RPC/HTTP) on source server

• CSV File !

Staged Exchange• Up to ~5000 Users• ~4 Weeks for Planning and Migration• Same as cutover (Outlook Anywhere andPermissions to mailboxes)


Staged Exchange Migration – Admin Experience

• Setup MSO DirSync• Setup mailbox permissions• Prepare CSV• Enter remote server details• Upgrade MEUs to MBXs• Add TargetAddress to on-prem mailbox• Data Sync• Change MX Record• Complete Migration

• NPSI to read directory and provision recipients• Uses RPC/HTTP (Outlook Anywhere) to migrate data


Email Migration Demo


Lync Server IM/Presence & UM

Lync Federation

IM/PresenceIM/Presence& UM

IM/Pr

esen

ce

OnlineOn-prem

Exchange/SharePoint

Lync Online

Exchange/SharePoint

Online

On-premise \ cloud coexistence

Exchange Rich Coexistence


Rich CoexistenceStaged Migration vs. Hybrid feature-set

Feature Staged RichMail routing between on-premise and cloud (recipients on either side)

Mail routing with shared namespace (if desired) - @company.com on both sides

Unified GAL

Free/Busy and calendar sharing cross-premise

Mailtips, messaging tracking, and mailbox search work cross-premise

OWA Redirection cross-premise (single OWA URL for both on-premise and cloud)

Exchange Online Archive Exchange Management Console used to manage cross-premise relationship & mailbox migrations

Native mailbox move supports both onboarding and offboarding

No outlook reconfiguration or OST resync required after mailbox migration Online Mailbox Move allows users to start logged into their mailbox while it is being moved to the cloud

Secure Mail ensure emails cross-premise are encrypted, and the internal auth headers are preserved

Centralised mailflow control, ensures that all email routes inbound/outbound via On premise

Exchange Sharing

Secure Transport

Mailbox Move


Mail routing

• Scenariusz jednorodny Fully hosted - Wiadomości email w obrębie domeny email przepływają wyłącznie przez Cloud (Microsoft Exchange Online), bez jakiejkolwiek interakcji z lokalnymi serwerami poczty. Jest to opcja domyślna. Aby uzyskać więcej informacji, zobacz Fully Hosted Scenario. Ten scenariusz nie używa FOPE konektora.

• Scenariusze Hybrydowe – Można używać hybrydowych scenariuszy przepływu poczty aby częściowo obsługiwać pocztę w chmurze (Microsoft Exchange Online) i częściowo na innych serwerach poczty. Wymienione poniżej konfiguracje pozwalają używać jednej nazwy domeny email w środowisku hybrydowym skłądającym się z Exchange Online i lokalnych serwerów poczty.

• Więcej: http://jaroslawsokolnicki.wordpress.com/2012/05/07/exchange-online-w-srodowisku-mieszanym-wspoldzielenie-domeny-e-mail-z-innym-systemem-poczty/

http://technet.microsoft.com/en-us/library/gg430172.aspx


Scenariusz hybrydowy 1

• Wspólna przestrzeń adresowa ze wskazaniem na lokalny serwer (Rekord MX wskazuje na lokalny serwer poczty) – rekord MX dla udostępnionej domeny e-mail jest skonfigurowany tak aby przesyłać wiadomości do lokalnego serwera poczty, zanim zostaną wysłane do chmury. To dość powszechny scenariusz kiedy to Exchange Online wysyła i odbiera pocztę przez zewnętrzny serwer (smart host), najcześciej jest to już istniejący serwer poczty w organizacji. Aby uzyskać więcej informacji, zobacz Shared Address Space with On-Premises Relay Scenario (MX Points to On-Premises) lub Simple Domain Sharing for SMTP Email Addresses



http://community.office365.com/en-us/w/exchange/simple-domain-sharing-for-smtp-email-addresses.aspx


Scena

riusz

hybryd

owy 1



• Wspólna przestrzeń adresowa ze wskazaniem na Cloud (Rekord MX wskazuje na Cloud) – rekord MX dla udostępnionej domeny e-mail jest skonfigurowany tak aby przesyłać wiadomości do FOPE do przetwarzania antyspamowego i polityk filtrowania, zanim zostaną przesłane do Exchange Online, gdzie są ponownie filtrowane za pomocą Forefront Protection 2010 na Exchange Server (FPE) na serwerach Exchange Online Transport. Ten scenariusz zapewnia, że wszystkie wiadomości, które są przekazywane do lokalnego serwera poczty w organizacji zostały odfiltrowane ze spamu i wirusów.Aby uzyskać więcej informacji, zobacz Hybrid Routing – Pointing Your MX Record to the Cloud lub Hybrid Routing – Pointing your MX record to the Cloud

http://go.microsoft.com/fwlink/?LinkId=223890

http://community.office365.com/en-us/w/exchange/514.aspx


Hybrid Configuration Features

• Free/busy sharing• Mailbox moves• Message tracking• MailTips• Online archiving• Outlook Web App redirection• Secure Mail (between on-premise and cloud via TLS protocol)


Hybrid Server Roles2 Required Server Roles:• Office 365 Directory Sync• Exchange Server 2010 SP1 CAS/HUB/MBX*

Exchange Server 2010 SP1 CAS/HUB

Unified Global Address ListOffice 365 Directory Sync

Exchange SharingADFS v2

Single Sign On

1 Optional Server Role:• Active Directory Federation

Services

Mailbox Move

Secure Transport

* MBX role is required for legacy Public Folder based Free/Busy support


Hybrid Deployment requirements• Exchange Server Deployment Assistance podpowie !!!• Exchange 2010 Hybrid Server • 64-bit Windows Server 2008 lub 2008 R2 Standard lub Enterprise• .NET Framework, PowerShell v2, WinRM v2, IIS

• Active Directory Federation Services Servers• Active Directory Synchronization Server


Exchange Deployment Assistant

http://technet.microsoft.com/exdeploy2010






Hybrid Deployments with the Hybrid Configuration Wizard (Exchange 2010 SP2)• http://

technet.microsoft.com/en-us/library/hh529920.aspx?t=exchgf1

• Service Pack 2 (SP2) for Microsoft Exchange Server 2010 includes the New Hybrid Configuration and Manage Hybrid Configuration wizards, new components designed to help you configure hybrid deployments.

• New Hybrid Deployment• Manage a Hybrid Deployment

http://technet.microsoft.com/en-us/library/hh529920.aspx?t=exchgf1




Hybrid Deployments with the Hybrid Configuration Wizard (Exchange 2010 SP2)• Two step process:• New Hybrid Configuration Wizard – create the foundation for

the hybrid deployment, creates the object in your on=premises AD.

• Manage Hybrid Configuration Wizard• Test account credentials• Verify prerequisites and perform topology checks• Run the hybrid configuration changes

• Run the hybrid configuration changes• (Receipient) Adds an accepted domain

Get-AcceptedDomain | FL DomainName, IsCoexistenceDomain• (Exchange Federation) Exchange Federation with Microsoft

Federation Gateway• (Exchange Federation) Creates and configures organizational

relationships for both on-premise and cloud• (Mailbox Moves) Enables the Mailbox Replication Service (MRS)

proxy• (Mail flow) Configures on-premise HT and FOPE on Office365

organization


Hybrid Deployments with the Hybrid Configuration Wizard (Exchange 2010 SP2)


Hybrid Deployments with the Hybrid Configuration Wizard (Exchange 2010 SP2)• Documentation @TechNet: • Hybrid Deployments with the Hybrid Configuration Wizard• Understanding the Hybrid Configuration Wizard• Hybrid Configuration Wizard Prerequisites• Create a New Hybrid Deployment• Manage a Hybrid Deployment


Plan niestandardowy: wdrożenie „Hybrid”


Standard On-Premise Free/Busy


Federated Free/BusyCAS finds that mailbox is external matching Organization realationship

Request a Delagation Token


Hybryda a SSO (jednokrotne logowanie) 1/2• Active Directory Federation Services 2.0• Moduł Microsoft Online Services dla programu Windows

PowerShell

• Uruchom Microsoft Online Services.• Uruchom polecenie $cred=Get-Credential. Gdy polecenie

cmdlet monituje o podanie poświadczeń, wpisz swoje poświadczenia administracyjnego konta usługi Office 365.

• Uruchom polecenie Connect-MsolService –Credential $cred. To polecenie cmdlet umożliwia nawiązanie połączenia z usługą Office 365. Utworzenie kontekstu umożliwiającego połączenie z usługą Office 365 jest wymagane przed uruchomieniem innych dodatkowych poleceń cmdlet instalowanych przez narzędzie.

• Uruchom polecenie Set-MsolAdfscontext -Computer <serwer podstawowy AD FS 2.0>, gdzie <serwer podstawowy AD FS 2.0> jest wewnętrzną nazwą FQDN serwera podstawowego AD FS 2.0. To polecenie cmdlet powoduje utworzenie kontekstu zapewniającego połączenie użytkownika z usługami AD FS 2.0.


Hybryda a SSO (jednokrotne logowanie) 2/2• Uruchom polecenie New-MsolFederatedDomain –

DomainName <domena>, gdzie <domena> jest dodawaną domeną obsługującą logowanie jednokrotne. To polecenie cmdlet dodaje domenę.

• Uruchom polecenie Convert-MsolDomainToFederated –DomainName <domena>, gdzie <domena> jest domeną przeznaczoną do przekonwertowania. To polecenie cmdlet zmienia typ domeny ze standardowego uwierzytelniania na logowanie jednokrotne.

• Aby zweryfikować prawidłowy przebieg konwersji, porównaj ustawienia serwera AD FS 2.0 i usługi Office 365, uruchamiając polecenie Get-MsolFederationProperty –DomainName <domena>, gdzie <domena> jest domeną, której ustawienia chcesz przeglądać. Jeżeli nie są one zgodne, możesz uruchomić polecenie Update-MsolFederatedDomain –DomainName <domena> w celu zsynchronizowania ustawień.


DirSync (Synchronizacja katalogów) 1/3• Directory Synchronization tool 32-bit & 64-bit support (już

jest!)• DirSync 64-bit używa teraz Forefront Identity Manager (FIM)

2010• Upgrade z 32-bit do 64-bit nie jest wspierany• Usługa Office 365 obsługuje synchronizację maksymalnie

10 000 obiektów. • Jeżeli liczba obiektów w lokalnej usłudze Active Directory <=

50 000 to Microsoft SQL Server 2008 Express.• Microsoft Office 365 Deployment Readiness Tool beta• Tworzone jest konto MSOL_AD_SYNC w standardowej

jednostce organizacyjnej Użytkownicy lokalnej usługi Active Directory.

• Wymagania dla Directory Synchronization toola: • Serwer musi być w domenie i mieć dostęp (VLAN, ACL, itd.) do

kontrolera• Nie może być instalowany na kontrolerze domeny!• .NET Framework 3.5 SP1• PowerShell v2


DirSync (Synchronizacja katalogów) 2/3


DirSync (Synchronizacja katalogów) 3/3


Konfiguracja Hybrid Server Services 1/2

• Podłączenie się do Exchange Online (PowerShell, EMC)

• Włączenie Mailbox Replication service proxy (MRSProxy)

• Po co? Umożliwiamy przenoszenie skrzynek z on-premise do chmury

• Notepad • <Exchange Installation path>\V14\ClientAccess\ExchWeb\EWS\

web.config

• <!—Mailbox Replication Proxy Service configuration • <MRSProxyConfiguration• IsEnabled=”true” (standardowo jest false)• MaxMRSConnections=”100”• DataImportTimeout=”00:01:00” />


Hybrid Exchange Migration• Administrator uses EMC on-premise tool to manage

mailbox moves and other administrative cross-premise tasks• Note: There is no requirement to move mailboxes on-

premise to an Exchange Server 2010 server prior to moving them to the cloud

• Dirsync keeps GAL in sync as mailboxes are moved

Exchange Server

2007

Exchange Server

2010 SP1

Exchange Server 2010 SP1 CAS

Exchange

Server 2003

Mailbox migration


Konfiguracja Hybrid Server Services• Konfiguracja ExternalURL dla Virtual Directories (EWS, OAB,

ActiveSync)

• Konfiguracja Accepted Domains (Organization Configuration Hub Transport New Accepted Domains) – „Internal Relay Domain”

• Konfiguracja Outlook Anywhere (RPC over HTTP)

• Konfiguracja Autodiscover w DNS:• Autodiscover.contoso.com (CNAME lub A – IP external hybrid lub

firewall) • Autodiscover.service.contoso.com (CNAME -

autodiscover.outlook.com)

• Konfiguracja Federated delegation• Organization Configuration New Federation Trust (automatycznie

tworzy self-signed certyfikat• Domain proofs: Get-FederatedDomainProof – DomainName

contoso.com • Otrzymujemy rekordy TXT dla accepted domains


Konfiguracja Hybrid Server Services• Konfiguracja Organization Relationship• Po co? Calendar sharing / Free & Busy pomiędzy On-premise

a CloudOrganization Relationship - On-premise• Set-OrganizationRelationship -Identity "To Cloud" -

DomainNames "service.contoso.com","contoso.com" -MailTipsAccessEnabled $True -MailTipsAccessLevel All -DeliveryReportEnabled $True

Organization Relationship - Cloud• Enable-OrganizationCustomization• Set-OrganizationRelationship -Identity "To On-premises" -

DomainNames "exchangedelegation.contoso.com","contoso.com" -MailTipsAccessEnabled $True -MailTipsAccessLevel All -DeliveryReportEnabled $True

• Konfiguracja Send and Receive Connectors

• Konfiguracja Mail Flow (FOPE – po stronie chmury)


FOPE (Forefront Online Protection for Exchange)

• TLS pomiędzy on-premise a cloud base Exchange• Trusted emails – antyspam nie będzie filtrował tego ruchu• Wszystkie maile do chmury są routowane przez FOPE

smarthost


Take Away• Community Website: Blogs and Forums• Office 365 Deployment Guide• http://community.office365.com/modg/default.aspx

• Office 365 Deployment Tool• http://

community.office365.com/en-us/f/183/p/2285/8155.aspx• Exchange Deployment Assistant• http://

technet.microsoft.com/en-gb/exdeploy2010/default.aspx#DeploymentCheckList/gg507575/coexist

• Service Descriptions

http://community.office365.com/modg/default.aspx

http://community.office365.com/modg/default.aspx

http://community.office365.com/en-us/f/183/p/2285/8155.aspx

http://community.office365.com/en-us/f/183/p/2285/8155.aspx

http://technet.microsoft.com/en-gb/exdeploy2010/default.aspx




Co dalej?

2

1

3

Zapisz się i testuj Office 365 (30 dni trial)

Nauka o Exchange Online (TechNet Edge, Office365.pl, TechNet, Service Descriptions)

Sprawdź czy Exchange Online jest odpowiedni dla Twojego biznesu

Odwiedź www.office365.pl

4 Przystąp do darmowych kursów MVAhttps://www.microsoftvirtualacademy.com/tracks/office-365-for-the-it-pro-platform

microsoft ® exchange online overview

Documents

key office

familiar office desktop

cloud versions

cloudbased versions

cloud services

power of cloud productivity

user productivity

gb of storage